<?php
/*
 *   This file is part of Verbum.
 *
 *   poat is free software: you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation, either version 3 of the License, or
 *   (at your option) any later version.
 *
 *   poat is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with poat.  If not, see <http://www.gnu.org/licenses/>.
 * 
 * 	 Copyright (c) 2008 Sergio Gabriel Teves <gabriel.sgt at gmail.com>
 */
//sleep(2);
$rejectact = array("user_reg");
$broadact = array("system_list","user_reg_control","message");

$islogged = isset($_SESSION['s_user']); //&& $_SESSION['s_user']!="";

if (!$islogged) {
	$lginfo = getLoginCredentials();
	if (isset($lginfo->userid) and  isset($lginfo->pass)
			&& $lginfo->userid!="" and $lginfo->pass!="") {
		$_log->debug("Verify login credentials");
		$us = new user;
		$us->userid=$lginfo->userid;
		$r = $loader->get($us);
		if ($r) {
			if ($us->currentpwd==$lginfo->pass and $us->status==STATUS_ACTIVE) {
				$_log->debug("Login credentials accepted");
				//$_SESSION["s_user"] = $us->userid;
				$loader->execute($us->updateLogin());
				cache('s_user',$us);
				$islogged = true;
			}
		}
	}	
}

if ($islogged) {
	//$_log->debug("AUTHENTICATED: ".$_SESSION['s_user']);
	
	require(ROOT_PATH."includes/currentuser.php");
	if ($action!="") {
		if (($loader->count(credentials::exists($CURRENT_USER->groupid,$action,$op))==0 || in_array($action,$rejectact)) && !in_array($action,$broadact)) {
			$_log->info("Unauthorized");
			failed(s("You are not authorized to perfom this action."));
		} else {
			$reqaction = ROOT_PATH."action/".$action."_action.php";	
			if (file_exists($reqaction)) {
				require($reqaction);
			} else {
				$_log->error("Unknown action '$action'");
				failed(s("Unknown error."));	
			}
		}
	} else {
		require(ROOT_PATH."pages/header.php");
		require(ROOT_PATH."pages/desktop.php");
		require(ROOT_PATH."pages/footer.php");	
	}
} else {
	$_log->debug("NOT AUTHENTICATED");

	if ($action!="" and (!in_array($action,$broadact) and !in_array($action,$rejectact))) {
		$cancelRelocation=true;
		require(ROOT_PATH."action/logout_action.php");				
		out("{success: false, target: 'index.php?tx=".rand(1000000000,9999999999)."&s=1'}");
	} else {
		selectLang();
		if (in_array($action,$broadact)) {
			$_log->debug("brodact");
			$reqaction = ROOT_PATH."action/".$action."_action.php";
			if (file_exists($reqaction)) {
				require($reqaction);
			} else {
				$_log->error("Unknown action '$action'");
				failed(s("Unknown error."));	
			}
		} else {
			require(ROOT_PATH."pages/header.php");
			if (in_array($action,$rejectact) || in_array($action,$broadact)) {
				$reqaction = ROOT_PATH."action/".$action."_action.php";
				if (file_exists($reqaction)) {
					require($reqaction);
				} else {
					$_log->error("Unknown action '$action'");
					failed(s("Unknown error."));	
				}
			} else {
				if ($param['s']==="1") $expired=true;
				require(ROOT_PATH."pages/login.php");	
			}
			require(ROOT_PATH."pages/footer.php");
		}		
	}

}

?>
